In association with heise online

29 June 2009, 11:54

Lost+Found: Bug reports, eBay, anti-debugging and asterisks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Too short for news, too good to lose; lost+found is a round up of useful security information. Today, Bug reports, eBay, anti-debugging and asterisks

A strange vulnerability in NetBSD's pam_unix module: a normal user can change the root password if he knows the current root password.

Bruce Schneier has had enough of eBay: two attempts to auction his laptop were scuttled by attempted bidder fraud. He then switched to only accepting offers by email and sold it to someone who reads his blog.

Malware authors can prevent analysis of Windows malware with default-configured debuggers by using callbacks to 'thread local storage' functions (TLS). Windows executes TLS calls in the PE header, before venturing into the actual program, i.e. before the debugger actually starts to run.

Opportunities for shoulder-surfing are usually limited, especially on home and even on work computers. Displaying bullets or asterisks instead of plain text when entering passwords is more likely to cause users to enter the wrong password rather than aid security.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit